Crypto breakthrough shows Flame was designed by world-class scientists

The spy malware achieved an attack unlike any cryptographers have seen before.

An overview of a chosen-prefix collision. A similar technique was used by the Flame espionage malware that targeted Iran. The scientific novelty of the malware underscored the sophistication of malware sponsored by wealthy nation states.

The Flame espionage malware that infected computers in Iran achieved mathematical breakthroughs that could only have been accomplished by world-class cryptographers, two of the world's foremost cryptography experts said.

"We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack," Marc Stevens wrote in an e-mail posted to a cryptography discussion group earlier this week. "The collision attack itself is very interesting from a scientific viewpoint, and there are already some practical implications." Benne de Weger, a colleague of Stevens and another expert in cryptographic collision attacks who was briefed on the findings, concurred.

"Collision" attacks, in which two different sources of plaintext generate identical cryptographic hashes, have long been theorized. But it wasn't until late 2008 that a team of researchers made one truly practical. By using a bank of 200 PlayStation 3 consoles to find collisions in the MD5 algorithm—and exploiting weaknesses in the way secure sockets layer certificates were issued—they constructed a rogue certificate authority that was trusted by all major browsers and operating systems. Stevens, from the Centrum Wiskunde & Informatica in Amsterdam, and de Weger, of the Technische Universiteit Eindhoven, were two of the seven driving forces behind the research that made that 2008 attack possible.

Flame is the first known example of an MD5 collision attack being used maliciously in a real-world environment. It wielded the esoteric technique to digitally sign malicious code with a fraudulent certificate that appeared to originate with Microsoft. By deploying fake servers on networks that hosted machines already infected by Flame—and using the certificates to sign Flame modules—the malware was able to hijack the Windows Update mechanism Microsoft uses to distribute patches to hundreds of millions of customers.
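The forged certificate only worked because a signature over an MD5 digest was still accepted in that trust chain, so the first defensive check a practitioner wants is an inventory of MD5-signed certificates. The following is an added example, not code from the article or from Stevens' tool: it reads the signatureAlgorithm OID straight out of DER with a minimal parser (no X.509 library), flags MD2/MD5 signatures as broken and SHA-1 as weak, and builds its own constructed, non-valid stand-in certificates for testing.

```python
"""Flag X.509 certificates whose signature uses a broken digest (MD2/MD5).

Added example. The DER parser handles only what is needed to reach
Certificate.signatureAlgorithm; the test certificates are constructed
inline and are not real certificates.
"""

# Signature-algorithm OIDs (dotted form) with the digest each one uses.
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.2": ("md2WithRSAEncryption", "broken"),
    "1.2.840.113549.1.1.4": ("md5WithRSAEncryption", "broken"),
    "1.2.840.113549.1.1.5": ("sha1WithRSAEncryption", "weak"),
}


def der_tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:  # long form: 0x80 | number of length bytes, then the length
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def der_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return der_tlv(0x06, bytes(out))


def parse_tlv(buf: bytes, pos: int):
    """Decode the TLV starting at buf[pos]; return (tag, body, next_pos)."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        n, pos = first, pos + 2
    else:
        k = first & 0x7F
        n = int.from_bytes(buf[pos + 2:pos + 2 + k], "big")
        pos += 2 + k
    return tag, buf[pos:pos + n], pos + n


def decode_oid(body: bytes) -> str:
    """Decode the contents of a DER OID back to dotted form."""
    first = body[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


def signature_algorithm(cert_der: bytes) -> str:
    """Return the dotted OID of Certificate.signatureAlgorithm.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    """
    tag, cert, _ = parse_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    _, _tbs, pos = parse_tlv(cert, 0)      # skip tbsCertificate
    tag, algid, _ = parse_tlv(cert, pos)   # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("bad AlgorithmIdentifier")
    tag, oid_body, _ = parse_tlv(algid, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier lacks an OID")
    return decode_oid(oid_body)


def assess(cert_der: bytes) -> str:
    """Classify a certificate as 'broken', 'weak' or 'ok' by its signature digest."""
    oid = signature_algorithm(cert_der)
    name, verdict = WEAK_SIGNATURE_OIDS.get(oid, (oid, "ok"))
    return f"{verdict}:{name}"


def make_test_cert(sig_oid: str) -> bytes:
    """Constructed stand-in: a dummy TBS, the given AlgorithmIdentifier and a
    fake signature BIT STRING. Not a real or valid certificate."""
    tbs = der_tlv(0x30, der_tlv(0x02, b"\x01"))          # TBS holding only a serial
    algid = der_tlv(0x30, der_oid(sig_oid) + b"\x05\x00")  # OID + NULL parameters
    sig = der_tlv(0x03, b"\x00" + b"\x00" * 16)           # BIT STRING, 0 unused bits
    return der_tlv(0x30, tbs + algid + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"):
        print(oid, "->", assess(make_test_cert(oid)))
```

On a real trust store you would feed each DER certificate to `assess()`; anything reported as `broken` should not be trusted for code signing.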

According to Stevens and de Weger, the collision attack performed by Flame has substantial scientific novelty. They arrived at that conclusion after Stevens used a custom-designed forensic tool he developed to detect and analyze hash collisions.

"More interestingly, the results have shown that not our published chosen-prefix collision attack was used, but an entirely new and unknown variant," Stevens wrote in a statement distributed on Thursday. "This has led to our conclusion that the design of Flame is partly based on world-class cryptanalysis. Further research will be conducted to reconstruct the entire chosen-prefix collision attack devised for Flame."

The analysis reinforces theories that researchers from Kaspersky Lab, CrySyS Lab, and Symantec published almost two weeks ago. Namely, Flame could only have been developed with the backing of a wealthy nation-state. Stevens' and de Weger's conclusion means that, in addition to a team of engineers who developed a global malware platform that escaped detection for at least two years, Flame also required world-class cryptographers who have broken new ground in their field.

"It's not a garden-variety collision attack, or just an implementation of previous MD5 collisions papers—which would be difficult enough," Matthew Green, a professor specializing in cryptography in the computer science department at Johns Hopkins University, told Ars. "There were mathematicians doing new science to make Flame work."

This article was updated at 11:01 am PDT on June 10 to clarify Stevens' and de Weger's roles and to change language in the 5th paragraph.

161 Reader Comments

Even when the US resorted to using cyber warfare and let Israel participate, it still failed to rein in their zeal. They (Israel) still went too far and allegedly modified the code so that it would propagate as we now see.

I think the proper conclusion is that Israel accidentally let it propagate, not that they did it on purpose. What did they stand to gain? It was still only designed to sabotage a very specific facility – all its spread led to was public knowledge of its existence.

Neither of those are even remotely proper. The NYT report says that it is unknown whether the error was made by the US or Israel. It's also incorrect to claim that the US 'let Israel participate' when in fact their expertise and intelligence was on par with that of the US, according to the NYT itself.

The level of mathematical expertise certainly does. I'm just curious why the NSA would show its hand by using a brand new, unknown technique when there was an existing, known technique. Now we know what they know, which is very un-NSA-like. I guess maybe they were in a hurry.

Or this is only one of several methods they have. Just because you laid down one card doesn't mean you showed your entire hand.

Back in The Day the CIA would work with Kodak or Polaroid to make spy cameras. Some guy or very small group inside some corporation would design and build amazing things, things well past the edge of any known technology of the time. The approach applies to all sorts of technology used during the cold war and beyond. So, what's to say that NSA/whatever didn't just hire Microsoft to build this thing? Based on the comments so far, it might seem that Microsoft achieved plausible deniability.

As for the 14-year old designers and the professionalism of the code...seems like they (the pros) would have mucked it up a bit if they had expected it to get loose. That was another aspect of the cold war tech...if the device got loose nobody might figure out what it really was. This plays into the idea that Flame has been around for a long time.

I agree this is a great story, and I'm also a firm believer that there's way more going on that we don't know about. Any cursory read of the history of crypto tech leads to the conclusion that the government has some serious stuff working that the brightest Chinese or Russians can't hope to break...but they may have stolen. lol

Ars, give me a fuckin break. You're regurgitating the crap idea that "because it's sophisticated and used some advanced math, it must be backed by a nation state." You are essentially inciting a geo-political war and using Flame as its battle line.

Truth is, anyone with enough time and enough motivation will eventually succeed. Not to mention, there are lots of normal "professionals" that devote their time and expertise to exactly this sort of thing -- as a means for intellectual stimulation -- not necessarily exploitation and advancement of a political agenda.

Do me a solid Ars, actually think about the things you write. It's irresponsible to essentially re-post something just because the New York Post did so. I'm sorry but I need a little more factual evidence other than "some unnamed anonymous source is quoted as corroborating such and such." If they are really telling the truth, they'd give their name, otherwise, one must assume it's rubbish...

I think it's pretty funny that people are just now realizing there's been a full scale cyber world war going on for the last decade. The people working on this stuff must have giggled themselves to death watching all the action/espionage movies where people dismissed the hacking as completely unrealistic and ridiculous, while they were actually doing more impressive stuff.

The question is, if these guys are 10 years (or more) ahead of the game what are they up to now. Or to put the same question another way, what do you imagine Ars' headline cyber attack will be in 2022?

How is this 'flame' any threat to Iranian computers if Iran developed their own 128-bit operating system or even goes as high as 256 bits?

IPv8 .. IPv16?

All this is 'money' talk and Iran has the money to accomplish all this ..

By tomorrow.

The U.S. software developers work for the money and they all work under the three platforms of Microsoft, Mac, and Linux; if no one pays the developers for the development of 128 bits or 256 bits, 64 bits is as high as it goes for now.

It will take U.S. the next hundred years to play catch-up with Iran. See how quickly Iran gets the situation turned around?


Perhaps you missed the heavily-sourced story in The New York Times from 6/1/2012 that went into a lot of detail about the current administration's use of cyber-warfare against Iran...


What in the pluperfect hell are you talking about? What does the CPU word-size have to do with the Internet Protocol? That's what IP stands for. And how exactly is Iran going to create the 128-bit CPUs for this 128-bit OS to run on?

Money is useful, yes, but it's not going to magic up an entire semi-conductor industry. And even if it did, nations can still get their hands on the hardware and software to crack its security. A 128-bit processor would be no more secure than a 64-bit one; it would simply have a larger word length and pointer size. Nothing more.

In short, your post is poorly-understood nonsense. In the future, please learn something about computers before deciding on what is feasible and what is not.


I think you're responding to a troll pretending to be Sacha Baron Cohen pretending to be an elite Iranian hacker pretending to be a troll.


I did read that article (precisely why I flamed Ars for using it as a source). The use of anonymous sources in the NY Times article is an example of using secondary, not primary sources. What technical details of this malware link it to a nation-state? Is it because it's "sophisticated"? No, graduate students and researchers can produce "sophisticated" software. Referring to the "anonymous sources with ties to the operation," can we independently interview these sources? Can we confirm their credentials? No. Should we trust that they are telling the truth simply because the NY Times published their supposed statements? Absolutely not. So why is Ars doing it?

I have a feeling you will start to see more Linux and Mac users popping up in the middle east. Before the flaming starts, yes those OS systems can be exploited too, but they sound much more secure than Windows does right now, at least in the middle east.

With the level of resources and sophistication that is behind the Flame malware, I'm pretty sure both Linux and OS X will crumble just as easily. No one is safe from something of this magnitude. It's designed to work with the brain power of guys whose IQs are numbers longer than my bank account.

If Windows was a wooden house, Linux and OS X would be a concrete house. Something like Flame is a laser, satellite and radar guided bunker buster with a delayed fuse. Either way, it's GG.

Edit. Sorry, I had a fit of stupid. The outputs have to be the same. They probably decompiled and compared.

Decompile *what*? Not the certificate, certainly - if those could be decompiled we'd have been in trouble years ago - so what else are they looking at?

There is nothing to decompile in a certificate. It is public and it can be transmitted in plain text. Open certmgr.msc in Windows and you'll be able to read the content of all certificates that are accepted by your machine.


You are correct in your statement that no OS is safe. When discussing the security of one software versus another, you can assess whether the models one software chooses to employ have inherent flaws. In truth, this is Computer Science; all OSes operate in much the same way, and thus have the same inherent vulnerabilities in their underlying models. This is made worse by the differences in implementation. MS decided to deploy this cert-based model in TS licensing which employed MD5. MD5 has inherent vulnerabilities (based on design assumptions about how computationally feasible it would be to crack it). They got burnt by people with skills and time to dedicate to discovering how MS designed the software. This is how design/development/security goes...


Anonymous sources have been an accepted practice in mainstream journalism for some time. It's not a new practice. Sure, I think there are plenty of reasons to be skeptical of the mainstream media such as The Times. However, it's not 100% out of place to operate under a presumption that maybe the writer of The Times' piece did indeed do his homework, and only published based on the quality of his sources. Just because they're anonymous, doesn't mean they weren't high-level. I do not believe they would have published if they didn't believe the sources for the piece. When The Times published a bunch of BS leading up to the war with Iraq, it was due to high-placed officials within the administration feeding them a lot of crap, if memory serves.


And what is the basis for believing "high-placed officials within the administration" aren't feeding them a lot of crap with this story? I understand the practice of using anonymous sources and the utility in doing so. But understand the danger in doing so as well. People who don't have a technical background can be duped into believing that the story is legitimate. I'm not asking that we be skeptical of mainstream media, I'm asking that we use a bit of intuition. Here, intuition, based on having a technical background, tells me that making the argument that "sophisticated software (development)" is NOT mutually exclusive with having a "nation-state" backing your development. It's simply not true. Could be that Iran has pissed off a lot of individuals (indeed, by intuition and observation of their actions, it is true). Could be that internal parties have their own political agenda to push (not going to go down the conspiracy-theory road here).

The reason I'm so against this type of reporting is that it's the same type of reporting countries like Iran, China, Russia etc. use to convince readers that America is bad. Ever read Iranian news releases? They just presume America is behind everything bad that happens in their country. It's no longer "America may be responsible for X, Y, Z," it's "Today, America did XYZ." It's irresponsible reporting.


Quote:

I'm not asking that we be skeptical of mainstream media, I'm asking that we use a bit of intuition. Here, intuition, based on having a technical background, tells me that making the argument that "sophisticated software (development)" is mutually exclusive with having a "nation-state" backing your development.

Uhm, not sure if I am reading this right; you mean a nation-state-backed effort can not do sophisticated software development?

Anyway, I’d rather have _some_ badly sourced news than no news at all. Sure, anyone with a bit of a brain could have guessed it’s government work from either NSA or its Israeli counterpart, but articles like this one shed a bit more light on it. Better than just have a "no comment" circle-jerk. Also, thanks to the US political system, there will always be someone from the "other" party who’ll be willing to talk, just in case they could besmirch the one in power.


Edited, thanks for catching that... I meant: "sophisticated software (development) is NOT mutually exclusive with having..."


Ah, ok, makes sense—I was about to say that most likely state-funded development is the closest to ideal environment for sophisticated software development, as there is enough funding and "seriousness" involved, but wasn’t sure what exactly you mean, so I asked instead.

Yeah, if anything, entities operating outside of "free markets" have the freedom to actually do proper software engineering and not just hacking with a "we’ll fix that in 1.1" attitude.

So should we all move away from MD5? SHA-1 and SHA-2 also have some cryptographic weaknesses, although there hasn't been a successful attack on SHA-2 yet. This attack on MD5 was new as well, based on known weaknesses. So there's a fair chance that these weaknesses in SHA-2 have been exploited as well, we just haven't seen it.


To your post: Pretty much every crypto algorithm is vulnerable in some way or another. Pretty much every crypto algo accepts this fact. The best way forward is a security-in-depth approach based on hard encryption and proactive/reactive monitoring. InfoSec is about the Boogeyman; we're always vulnerable because we can't anticipate every attack vector. Flame's clever attack vector is proof of that.

Quote:

Money is useful, yes, but it's not going to magic up an entire semi-conductor industry. And even if it did,

You are contradicting yourself here, so it can be done? If Iran is willingly going full throttle on this issue they can build their own Silicon Valley.

Quote:

nations can still get their hands on the hardware and software to crack its security.

That's another issue for Iran to deal with, but to this argument Iran could have it done, a CPU that runs a 128-bit or a 256-bit operating system.

Quote:

A 128-bit processor would be no more secure than a 64-bit one; it would simply have a larger word length and pointer size. Nothing more

Again you are contradicting yourself. So it can be done.

For one to crack a 128-bit or a 256-bit processor/operating system, he must have a 256-bit CPU and a 256-bit operating system to experiment with. And if you don't have one, how on earth would you experiment, and on what?

So you are suggesting the U.S. government will come up with one just to hack/mess with Iran? Does that make sense to anyone?

If Bush were still around, it might. But Bush is no longer in the White House.

Quote:

In short, your post is poorly-understood nonsense. In the future, please learn something about computers before deciding on what is feasible and what is not.

I've never claimed to be a computer expert. Just kicking sand and seeing what I can pick up from this thread.

Guy 1: OMG, this new vector for crypto attacks is genius.
Guy 2: Yeah, it's incredible. Only the two smartest guys in the world could have come up with this stuff.
Guy 1: You mean the smartest and most awesome guys.
Guy 2: Yeah, that's what I meant. Also, the best looking.


@Evolution, what do you mean by "crack a 128 bit operating system"? I think you're looking at CPU word size in isolation. For increased word size (128/256+ bit processors) to have any effect, bus speeds, CPU cooling, and memory have to see some improvement. Currently CPU speed/word size isn't the issue; memory is what slows the system processing (Google the "Memory Mountain" for a nice discussion). In terms of cryptography, yes, larger word sizes help, but calculations are done in memory, which is the current bottleneck.

Also, if Iran develops such a CPU, it will not remain exclusively Iran's for long. This is because to develop such a thing requires advancement in the basic science involved in CPU design/fabrication. And if Iranian scientists make these advancements, it's only a matter of time until someone else in another nation develops the same.

I would love to know just why this chosen prefix md5 collision attack is new rather than "just" an implementation based on published crypto papers and reference implementations, such as http://cryptography.hyperlink.cz/MD5_collisions.html which can find chosen prefix collisions in less than a minute on a 2006 notebook (not 200 PS3s).

This is not the same kind of collision attack . In the above case , they produced file with the same MD5 hash in gibberish . Produced files did not do anything .

In this case they had to produce valid certificate with all required fields , but having the same hash value as other existing MD5 hash in another certificate . It is much harder to know what fields should be changed to correct values to receive needed MD5.

That's not true - valid meaningful messages such as X.509 certificates with colliding MD5 sums have been generated since 2005. Look here: http://www.schneier.com/blog/archives/2 ... funct.html. Maybe a Microsoft cert is a little harder to collide, so maybe they did need 200 PS3s and an additional 2 years for this, but it doesn't make it much better, does it. Nothing can change the fact that they (Microsoft) knew about MD5 being total crap cryptographically and yet they still used it 7 years after the published collision attacks. Now THAT's what I call The Real What The Fuck!

I have a feeling you will start to see more Linux and Mac users popping up in the middle east. Before the flaming starts, yes those OS systems can be exploited too, but they sound much more secure than Windows does right now, at least in the middle east.

With the level of resources and sophistication that is behind the Flame malware, I'm pretty sure both Linux and OS X will crumble just as easily. No one is safe from something of this magnitude. It's designed to work with the brain power of guys whose IQs have more digits than my bank account.

If Windows was a wooden house, Linux and OS X would be a concrete house. Something like Flame is a laser-, satellite- and radar-guided bunker buster with a delayed fuse. Either way, it's GG.

Possibly they could break both OS X and Linux, but they wouldn't do it by attacking their certificates. That's for the simple reason that no one smart has used MD5 for cryptography since 2006! That's an example of one attack vector those systems do not allow. And there is a big difference, because by getting into the trusted software distribution channel they were able to swiftly and stealthily spread the malware across a large number of machines and networks, no matter what individual security settings and other protection systems those machines had. It would have been much more difficult tackling all the individual firewalls, configurations and vulnerabilities of target machines, which is the way one would attempt an attack on a Linux or OS X machine.

All of this sure makes Anon look like a bunch of amateurs. There is no reason to think that Flame is the only thing out of government labs. Makes you wonder if they have pushed some monitoring software out to Anons via the ones they have turned and used?

Even when the US resorted to using cyber warfare and let Israel participate, it still failed to rein in their zeal. They (Israel) still went too far and allegedly modified the code so that it would propagate as we now see.

I think the proper conclusion is that Israel accidentally let it propagate, not that they did it on purpose. What did they stand to gain? It was still only designed to sabotage a very specific facility – all its spread led to was public knowledge of its existence.

Neither of those is even remotely proper. The NYT report says that it is unknown whether the error was made by the US or Israel. It's also incorrect to claim that the US 'let Israel participate' when in fact their expertise and intelligence was on par with that of the US, according to the NYT itself.

I'll have to be more careful with my choice of words. I don't particularly put much stock in the NYT, but you can pore over some of the things it reports to parse out some info.

Mr. Obama concluded that when it came to stopping Iran, the United States had no other choice.

If Olympic Games failed, he told aides, there would be no time for sanctions and diplomacy with Iran to work. Israel could carry out a conventional military attack, prompting a conflict that could spread throughout the region.

FP: There haven’t been thoughtful discussions about the consequences or the ethics or the international legal ramifications of this approach. Let’s imagine for a moment that you’re [Iranian President] Mahmoud Ahmadinejad and you are confronted with this. Isn’t your first reaction, “How is them blowing up Natanz with a code any different from them blowing up Natanz with a bomb? And doesn’t that justify military retaliation?”

DS: Blowing it up with computer code, rather than bombs, is different in one big respect: It is very hard for the Iranians in real time to know who the attacker was, and thus to make a public case for retaliating. It takes a long time to figure out where a cyber attack comes from.

That was a big reason for the U.S. and Israel to attack Natanz in this way. But it wasn't the only reason, at least from the American perspective. One of the main driving forces for Olympic Games was to so wrap the Israelis into a project that could cripple Natanz in a subtle way that Israel would see less of a motivation to go about a traditional bombing, one that could plunge the Middle East into another war.

My perspective is that the US chose to involve the Israelis in the program as a deliberate decision. The sentiment was to do something to set back Iranian nuclear efforts that would hopefully satisfy Israeli agitation. I'm not trying to diminish any player involved or suggest that Israel was on the sidelines.

An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. Suddenly, the code was exposed, though its intent would not be clear, at least to ordinary computer users.

“We think there was a modification done by the Israelis,” one of the briefers told the president, “and we don’t know if we were part of that activity.”

Mr. Obama, according to officials in the room, asked a series of questions, fearful that the code could do damage outside the plant. The answers came back in hedged terms. Mr. Biden fumed. "It's got to be the Israelis," he said.

You are right, it's not particularly clear who made the modification. It appears, though, that the officials briefing Obama himself seem to think that Israel is responsible.

The people who think Linux is immune to attacks by the NSA make me giggle. You really think that hundreds of the world's best cryptographers can't find a flaw in RHEL 6? They almost certainly have a set of attacks ready to go for different distributions.